Paul's Security Weekly
SubscribeMS Patch Tuesday: Which Vulnerabilities Really Need Prioritizing. – Douglas McKee – PSW #836
Doug and the Security Weekly crew talk about vulnerabilities, are we patching the right things? This is the burning question. We will try to answer it.
Segment Resources: https://blog.sonicwall.com/en-us/2024/04/patch-tuesday-which-vulnerabilities-really-need-prioritizing/
Segment description coming soon!The Crowdstrike incident: what happened and what we can do better, people forget what 0-Day really means, shutting off the heat in January, honeypot evasion and non-functional exploits, what not to use to read eMMC, what if we don't patch DoS related vulnerabilities, a CVSS 10 deserves its own category, port shadow attacks, IPC and DBUS and a very informative and entertaining article, container breakouts, when you are bored on an airplane, Linksys security violations, fake IT workers, Telegram 0-day, and how to be more resilient on the same technology stack!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Segments
MS Patch Tuesday: Which Vulnerabilities Really Need Prioritizing. – Douglas McKee – PSW #836
Crowdstrike: The Aftermath – PSW #836
3D Printing For Hackers – David Johnson – PSW #835
Thinking about getting a 3D printer or have one and need a good primer? Check out this segment, we live 3D print a Captain Crunch whistle and talk all about 3D printing for hackers!
Segment Resources:
- Slides used in this segment: https://cms.cyberriskalliance.com/wp-content/uploads/2024/07/3D-Printing-for-Hackers.pdf
Major 3D Printer Websites:
- https://vorondesign.com/
- https://www.prusa3d.com/
- https://www.creality.com/
- https://bambulab.com/
- https://elegoo.com
Major 3D File libraries:
- https://printables.com (Prusa)
- https://thingiverse.com
- https://thangs.com
- https://makerworld.com (Bambu Labs)
- https://cults3d.com
Youtube Channels:
- Uncle Jessy
- CnC Kitchen
- The Edge of Tech
- Makers Muse
Find new flaws in UEFI using STASE, combining vulnerabilities to exploit Sonicwall Devices, remote BMC exploits, Netgear patches, and not a lot of information, 22 minutes before exploited, if the secrets were lost, we'd all be in screwed, Exim has not been replaced by something better and its vulnerable, CISA's red team reports, and attackers use drivers to attack EDR, the saga continues!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Segments
3D Printing For Hackers – David Johnson – PSW #835
Vulnerability Chains – PSW #835
RFID hacking & More Vulnerability Shenanigans – Iceman – PSW #834
Bats in your headset, Windows Wifi driver vulnerabilities, Logitech's dongles, lighthttpd is heavy with vulnerabilities, node-ip's not vulnerability, New Intel CPU non-attacks, Blast Radius, Flipper Zero alternatives, will OpenSSH be exploited, emergency Juniper patches, and the D-Link botnet grows.
Iceman comes on the show to talk about RFID and NFC hacking including the tools, techniques, and hardware. We'll also talk about the ethics behind the disclosure of vulnerabilities and weaknesses in these systems that are used in everything from building access to cars.
Segment Resources:
- Youtube channel - https://www.youtube.com/@iceman1001
- Proxmark3 forums - http://www.proxmark.org/forum/index.php
- Proxmark3 Repository - https://github.com/rfidresearchgroup/proxmark3
- Awesome RFID talks - https://github.com/doegox/awesome-rfid-talks
Visit https://www.securityweekly.com/psw for all the latest episodes!
Segments
More Vulnerability Shenanigans – PSW #834
RFID hacking – Iceman . – PSW #834
Hacker Heroes – Joe Grand – PSW Vault
Exploring the Hardware Hacking Realm with Joe Grand, AKA Kingpin
Joe Grand, also known by his hacker pseudonym "Kingpin," stands as a prominent figure in the cybersecurity landscape. With an extensive background in hardware hacking, reverse engineering, and embedded systems, Joe has carved a niche for himself as a respected authority in the field.
As a seasoned security professional, Joe has contributed significantly to the cybersecurity community through his expertise and innovation. With a career spanning decades, he has become a go-to resource for insights into the intricacies of hardware security, emphasizing the critical intersection between hardware and software vulnerabilities.
In our podcast interview, we delve into Joe's journey – from his early forays into hacking to his current role as a thought leader in cybersecurity. Gain a unique perspective on the evolving challenges faced by security professionals, especially in the context of hardware-based threats.
Joe's expertise extends beyond theoretical knowledge, as he has been actively involved in hands-on research and development. As a co-founder of Grand Idea Studio, he has played a pivotal role in developing cutting-edge hardware security tools, contributing to the arsenal of cybersecurity professionals worldwide.
Join us as we explore the world of hardware hacking, reverse engineering, and the broader cybersecurity landscape with Joe Grand. Whether you're an aspiring hacker, a seasoned security professional, or simply curious about the intricacies of cybersecurity, this podcast episode promises deep insights into the mind of a true cybersecurity luminary.
Segments
Hacker Heroes – Joe Grand – PSW Vault
Do We Need Penetration Testing and Vulnerability Scanning? – Josh Bressers, Adrian Sanabria – PSW #833
This may be controversial, however, we've been privately discussing how organizations benefit from penetration testing and vulnerability scanning. Do you still need these services as a critical part of your security program? Can't you just patch stuff that is missing patches? Tune in for a lively debate!
Zyxl NAS devices are under attack and the exploit is pretty simple, A new UEFI vulnerability with a name that some people don't like, that time you setup a load balancer and forgot about it, I love it when there is a vulnerability in a Wifi driver, Polyfill is filling the Internet with supply chain vulnerabilities, open source doesn't mean more secure, what happens when there is a vulnerability in your bootload, The Red Hat Linux kernel model is broken, when disclosure goes wrong, and more IoT router vulnerabilities.
Visit https://www.securityweekly.com/psw for all the latest episodes!
Segments
Do We Need Penetration Testing and Vulnerability Scanning? – Adrian Sanabria, Josh Bressers – PSW #833
Hack all the things, patch all the things – PSW #833
Hacker Heroes – Dave Aitel – PSW Vault
Exploring the Strategic Minds in Cybersecurity: A Conversation with Dave Aitel
Welcome to an enlightening episode of our podcast, where we sit down with Dave Aitel, a prominent figure in the cybersecurity landscape. With a robust background in offensive security and an extensive career spanning various facets of the industry, Dave brings a wealth of knowledge and strategic insights to our discussion.
As the Founder and CEO of Immunity Inc., a leading cybersecurity company, Dave has played a pivotal role in shaping the cybersecurity landscape. Join us as we delve into his journey, from his early experiences in cybersecurity to the strategic decisions that have defined his role as a thought leader in the field.
In this episode, we explore Dave's perspectives on the ever-evolving threat landscape, offensive security strategies, and the intricate balance between security and privacy. Gain valuable insights into the methodologies and philosophies that underpin his approach to addressing the challenges posed by cyber threats.
Dave Aitel's expertise extends beyond technical domains; he is also recognized for his contributions to policy discussions on cybersecurity. Discover how his experiences and viewpoints contribute to the broader discourse on cybersecurity policy, technology, and the future of digital defense.
Whether you're a cybersecurity professional, an industry enthusiast, or someone keen on understanding the strategic dimensions of cybersecurity, this podcast episode with Dave Aitel is bound to offer thought-provoking perspectives and strategic insights.
Tune in to explore the intersection of technology, security, and strategy with one of the industry's strategic minds, Dave Aitel.
Segments
Hacker Heroes – Dave Aitel – PSW Vault
GenAI, Security, and More Lies – Aubrey King – PSW #832
We will discuss LLM security in general and some of the issues covered in the OWASP Top 10 for LLMs!
Segment Resources:
Skyrocketing IoT vulnerabilities, bricked computers?, MACBORG!, raw dogging source code, PHP strikes again and again, if you have a Netgear WNR614 replace it now, Arm Mali, new OpenSSH feature, weird headphones, decrypting firmware, and VPNs are still being hacked!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Segments
GenAI, Security, and More Lies – Aubrey King – PSW #832
Bricking PCs and IoT Hacking – PSW #832
Whose Vulnerability Is It Anyway? – Josh Bressers – PSW #831
Josh comes on the show to discuss all things related to vulnerability tracking and scoring, including the current issues with various systems and organizations including NIST, CVE, Mitre, CVSS, NVD, and more!
Segment Resources:
- NVD blog post Josh wrote: https://anchore.com/blog/navigating-the-nvd-quagmire/
- Josh's Latest post: https://opensourcesecurity.io/2024/06/03/why-are-vulnerabilities-out-of-control-in-2024/
Josh's podcasts:
This week: Take on the upstream, how hard is it to patch end-of-life software, hack millions of routers, take over millions of routers, 0-days, and no responses, hack Taylor Swift wristbands, can you detect that covert channel?, and breach reports from Ticketmaster, Snowflake, Santander, and TikTok, and top it all of with C-level DNS servers dropping off the Internet!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Segments
Whose Vulnerability Is It Anyway? – Josh Bressers – PSW #831
Routers, Breaches, and Vulnerabilities – PSW #831
Hacker Heroes – Josh Corman – PSW Vault
Making The World A More Secure Place: Joshua Corman's Journey and Insights
Welcome to an insightful podcast episode featuring Joshua Corman, a prominent figure in the realm of cybersecurity. With a wealth of experience and a keen understanding of the evolving threat landscape, Joshua has established himself as a thought leader and influencer in the cybersecurity community.
In this episode, we explore Joshua's professional journey, from his early days in the industry to his current position as a respected cybersecurity leader. With a focus on practical strategies and real-world challenges, Joshua shares valuable insights into the complexities of modern cybersecurity and the strategies organizations can employ to navigate this dynamic landscape.
As a recognized authority on security, Joshua Corman's expertise spans a range of topics, including risk management, threat intelligence, and the intersection of security with technology and business. Join us as we delve into his experiences, lessons learned, and the principles that guide his approach to addressing the ever-present challenges of cybersecurity.
Whether you are a cybersecurity professional, technology enthusiast, or someone keen on understanding the intricacies of safeguarding digital assets, this podcast offers a unique opportunity to gain perspective from one of the industry's thought leaders. Tune in to discover the wisdom and practical advice Joshua Corman brings to the table, shedding light on the current state of cybersecurity and its future trajectory.
Segments
Hacker Heroes – Josh Corman – PSW Vault
Pen Testing As A Service – Seemant Sehgal – PSW #830
The Security Weekly crew and special guest Seemant Sehgal explore what PTaaS involves, how it differs from traditional penetration testing, and why it's becoming a crucial service for companies of all sizes to protect their digital assets. We'll discuss the how PTaaS is using the latest technologies (e.g machine learning), the benefits of having a third-party service, and real-world scenarios where PTaaS has successfully thwarted potential security breaches. PTaaS can be a game-changer in enhancing your organization’s security posture!
This segment is sponsored by Breachlock. Visit https://securityweekly.com/breachlock to learn more about them!
An exploit that makes you more secure, pardon the interruption, water heater company in hot water, IoT devices are vulnerable, Squeege and RDP scraping, free laundry for everyone!, Wifi routers and Apple Air tags, North Koreans fill US IT positions, taking out drones, the NVD backlog, IBM is no longer a security company?, and DNSBombs!
Visit https://www.securityweekly.com/psw for all the latest episodes!